CN108351924A - Electronic security(ELSEC) container - Google Patents
Electronic security(ELSEC) container Download PDFInfo
- Publication number
- CN108351924A CN108351924A CN201680050188.8A CN201680050188A CN108351924A CN 108351924 A CN108351924 A CN 108351924A CN 201680050188 A CN201680050188 A CN 201680050188A CN 108351924 A CN108351924 A CN 108351924A
- Authority
- CN
- China
- Prior art keywords
- esc
- user
- security
- requestor
- service ticket
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000013507 mapping Methods 0.000 claims abstract description 20
- 238000000034 method Methods 0.000 claims description 57
- 230000004044 response Effects 0.000 claims description 10
- 238000013500 data storage Methods 0.000 claims description 2
- 238000004891 communication Methods 0.000 description 11
- 238000004590 computer program Methods 0.000 description 11
- 239000002775 capsule Substances 0.000 description 8
- 230000008569 process Effects 0.000 description 8
- 238000012545 processing Methods 0.000 description 8
- 238000013475 authorization Methods 0.000 description 7
- 230000009471 action Effects 0.000 description 4
- 230000032683 aging Effects 0.000 description 3
- 238000004422 calculation algorithm Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 238000012795 verification Methods 0.000 description 3
- 241001269238 Data Species 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 230000005611 electricity Effects 0.000 description 2
- 210000000056 organ Anatomy 0.000 description 2
- 230000008901 benefit Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 210000000988 bone and bone Anatomy 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000018109 developmental process Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000001815 facial effect Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 210000003205 muscle Anatomy 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 210000001525 retina Anatomy 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000035945 sensitivity Effects 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 230000007480 spreading Effects 0.000 description 1
- 239000000758 substrate Substances 0.000 description 1
- 210000001519 tissue Anatomy 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
- 230000001755 vocal effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
One aspect of the present invention is characterized by ESC.ESC includes user-defined Service Ticket set comprising for user, uniquely at least one voucher, wherein Service Ticket set define the security level of the ESC for authorizing the access to being stored in the content in ESC.Delegated strategy, authentication requesting of the definition at least one requestor.And Security mapping strategy, requestor's Service Ticket from least one requestor is converted into security intensity and is compared for the security intensity of the security level with ESC.
Description
Cross reference to related applications
This application claims the equity of the applying date for the U.S. Provisional Application No. 62/186,726 submitted on June 30th, 2015.It is beautiful
The content of state's application number 62/186,726 is integrally incorporated herein by quoting with it.
Technical field
This specification is related to electronic data security.
Background technology
Electronic data security and privacy are more and more important in modern communications and computer system.Private and private corporation letter
Breath store in electronic format more and more, including for example electronic mark form, electric paying method, electronic medical record and
Electronics law and business documentation.Include the visit based on encrypted credentials to data-storage system for protecting the technology of electronic data
It asks.
Invention content
This specification is related to electronic security(ELSEC) container(ESC)And the method for accessing the user content being included in ESC
And system.
One aspect of the present invention is characterized by a kind of ESC.ESC includes user-defined Service Ticket set comprising
For user, uniquely at least one voucher, wherein the Service Ticket set are defined for authorizing in being stored in ESC
The security level of the ESC of the access of appearance.Delegated strategy, authentication requesting of the definition at least one requestor.And safety
Requestor's Service Ticket from least one requestor is converted to security intensity for the peace with ESC by mapping policy
The security intensity of full rank is compared.
This and other realization methods can optionally include one or more of following characteristics.Security level can
It is the first security level, and user-defined Service Ticket set can be first group of user-defined Service Ticket set.
In addition, ESC can include the Service Ticket set that defines of second user comprising for the unique at least one voucher of user,
Wherein the second Service Ticket set defines the second security level of the ESC for authorizing the access to being stored in the content in ESC.
The security intensity of second security level can be more than the security intensity of the first security level.
Another aspect of the present invention is characterized by a kind of ESC electronic devices.Electronic device include user-defined certification with
Card set comprising uniquely at least one voucher, wherein Service Ticket set are defined for authorizing to being stored in for user
The security level of the ESC of the access of content in ESC.Delegated strategy, authentication requesting of the definition at least one requestor.
And Security mapping strategy, by requestor's Service Ticket from least one requestor be converted to security intensity for
The security intensity of the security level of ESC is compared.
This and other realization methods can optionally include one or more of following characteristics.Electronic device can
It is Cloud Server.Electronic device can be mobile computing device.Electronic device can be the microchip on chip card.
Other aspects of theme described in this specification can embody in the method including acting as follows:From request
Person receives the request to accessing the content being included in ESC.Obtain the user that requester accesses are included in the data in ESC
Agree to.Agree in response to obtaining user, determines whether request is believable based on the Service Ticket of requestor.Determine requestor's
Whether the security intensity of Service Ticket meets or more than security intensity associated with the security level of ESC, the wherein safety of ESC
Rank is by including that the user-defined Service Ticket set of the unique at least one voucher of user is defined.In response to determination
The security intensity satisfaction of the Service Ticket of requestor or the security intensity of the security level more than ESC, provide to requestor to packet
It is contained in the access of the content in the security level of ESC.
This and other realization methods can optionally include one or more of following characteristics.It obtains for request
The user that person accesses the data being included in ESC agrees to can include that user is authorized asks for the delegated strategy verification based on ESC
The person of asking accesses the data being included in ESC.The user for obtaining the data being included in ESC for requester accesses agrees to wrap
The mandate for content of the requester accesses from ESC to user's request is included, and receives instruction and requester accesses is come from
The user of the mandate of the content of ESC inputs.User's input can indicate requestor can be accessed from it one of ESC of content or
Multiple security levels.
Determine whether the security intensity of the Service Ticket of requestor meets or more than peace associated with the security level of ESC
Full strength can include based on the Security mapping strategy of ESC come determine the security intensity of the Service Ticket of requestor, determination with it is fixed
The associated security intensity of user-defined Service Ticket set of the security level of adopted ESC and by the certification of requestor with
The security intensity of card is compared with the security intensity of user-defined Service Ticket set.
It is set forth in one or more realization methods of theme described in this specification in the the accompanying drawings and the following description
Details.Other features, aspect and the advantage of theme will become apparent according to this description, drawings and claims.
Description of the drawings
Figure 1A and Figure 1B depicts the expression of the exemplary electron safety container according to the realization method of the disclosure.
Fig. 2 depicts the example system for the realization method for being able to carry out the disclosure.
Fig. 3 and Fig. 4 depicts the instantiation procedure being able to carry out according to the realization method of the disclosure.
Similar reference number and label indicate similar element in various attached drawings.
Specific implementation mode
The realization method of the disclosure relates generally to ESC, and for accessing the user content being included in ESC(For example,
User data)Method and system.More particularly, ESC is secured data structure, prevents from accessing other content(For example, not adding
Close user data), unless access entity is properly authenticated.For example, ESC is used as the data for storing unencryption(For example,
ESC content-datas)Electronic safe, only in access entity(For example, another(Nonowners)User, enterprise, government's machine
Structure)Correct certification when just may have access to.Therefore, ESC and current Technology On Data Encryption the difference is that, instead of to sensitivity
Data itself are encrypted, can be pure with its by sensitive data(Unencryption)Format(For example, as text-only file, jpg images
File)It is stored in safe electronic container, ESC " inside ".In addition, ESC is for each owner/with being unique per family, because
Access strategy and voucher are defined by the user completely, and need use for the unique at least one attribute of the owner.
That is the owner/user defines both the number amount and type for accessing the required voucher of data being stored in ESC.ESC is
By the owner/user(For example, possessing the user of ESC)Definition and be based on voucher associated with the owner/user, unless
Such as it may need further to clarify when referring to nonowners user.However, for simplicity, spreading remaining of this description
Partly using term " user " to refer to the owner/user, unless may need further to clarify.
ESC can be realized on physics ESC cards(For example, as the microchip on standard identity certificate card), calculate fill
It sets(For example, as the app on smart phone)Or in the computing environment of trustship(For example, cloud trusteeship service).It can make
Access with any user-defined combination of Service Ticket come certification to ESC, Service Ticket such as, but not limited to authentication image
(For example, digital watermarking, quickly identification(QR)Code), near-field communication(NFC)Code, radio frequency identification(RFID)Code, bio-identification or its
His Service Ticket appropriate.Service Ticket can with but need not include any personal recognizable information(PII).
For example, replacing carrying identity document(For example, driving license or passport), user can store electronic identity documents
Carry in ESC and only ESC.Work as access entity(For example, another(Nonowners)User, enterprise, government organs)Request is used
When the identity document at family, their ESC can be only presented in user.For example, in customs inspection point, user can be by their intelligence
Phone is placed close to customs's computer.The smart phone of user for example can receive customs's machine via NFC from customs's computer
The Service Ticket of the ESC for accessing user of structure.One has authenticated the Service Ticket of custom agency and according to user in ESC
The smart phone of the strategy of setting, user can be provided to customs's computer to being stored in user's E-Passport in ESC
It accesses.For example, strategy can include the rule for accessing ESC or the data being stored in ESC for authorized user(For example, one
Or multiple conditions or condition combination or)Or the set of program.
As another example, ESC can include the credit card information of user, and user can be to enterprise(Such as supermarket)
Access to ESC is provided.For example, when user is in Supermarket account-settling, smart phone can be presented in user(With digital container).Intelligence
Energy phone can be from point of sale(POS)Computer receives the Service Ticket of supermarket, and the strategy that is arranged in ESC according to user is tested
The Service Ticket of supermarket is demonstrate,proved, and in response, the access to the credit card information of user is provided to the POS computer of supermarket.
In some instances, ESC itself can be stored on server, and ESC cards or the ESC application of user can
The mark data of ESC including identity user(For example, coded image, NFC codes or RFID codes).Access entity is able to access that
The ESC mark datas of user, and by ESC mark datas together with the content of the ESC for accessing user access entity with
Card sends the server of the ESC of trustship user to together.After certification access entity, server can be provided to access entity
Access to the content of the ESC of user.
ESC can have several access levels(For example, multiple " internal safety boxs "), each access level has tightened up
Authentication requesting, such as storing more sensitive data or user being allowed by data isolation to be available to some entities but right
Other entities are unavailable.For example, entity A(For example, DMV)It can be allowed access to be stored in the data within the first access level
(For example, electronic driver's license), but be not allowed access to be stored in the data within the second access level.Entity B(For example, enterprise
Industry)The data being stored within the first access level and the second access level may be able to access that, for example, the electricity in first level
Credit card information in sub- driving license and second level.
There are two types of access methods for ESC tools(For example, the both sides of " safety box "), one kind is for user(For example, ESC's is all
Person)And one kind being used for access entity.For example, all security levels of ESC must can be accessed because of user, therefore user
Any leakage of access credentials will all jeopardize the safety for the data being stored in all ranks of ESC.Therefore, user's access method
User can be limited and only execute certain functions, for example, user can be only permitted addition content and be destroyed from ESC(For example,
It is removed in the case of not checking)Content.Therefore, if the voucher of user is leaked, thief, which is actually unable in, enough checks ESC's
Content, but at most can only add new data or destroy available data.On the other hand, access entity can be allowed to access storage
Data within the authority levels of the ESC of access entity, but it may not be allowed to add or remove data.
In some instances, if not no proper authorization someone(Such as, it is intended to hacker)It attempts to access that content, then deposits
The content stored up in ESC can be automatically destroyed.
Figure 1A depicts the expression of the exemplary electron safety container 100 according to the realization method of the disclosure.ESC 100 is anti-
The secured data structure that Service Ticket set only accessing user content and being defined by the user defines.The Service Ticket set
Define the one or more security levels 106 that must be met for authorizing the access to being stored in the content in ESC 100.
Security level 1-4(106a-106d)Each of can be defined by Service Ticket that is different and being increasingly stringenter, and because
More sensitive content can be stored in the more high security level of ESC 100 by this user.
User-defined Service Ticket set can include such as voucher, such as fingerprint, face recognition, retina or iris
Identification, speech recognition(Such as voice prints or speech cipher), Social Security Number, password, digital watermarking, PIN number, NFC
Code, QR codes, person's handwriting, based on mobile voucher(For example, Move Mode, muscle/bone bio-identification)Or any other appropriate class
The safety or bio-identification voucher of type.Because of the owner(User)Their specific will be formed by defining which Service Ticket
ESC 100, and preferably at least one of Service Ticket is unique for the owner(For example, bio-identification identifies
Symbol), ESC 100 itself will be unique for each specific user.In some instances, user defines different Service Ticket
Gather each security level of the ESC 100 to indicate user(For example, rank 106a to 106b).That is, in order to use
Family acquisition is to being stored in the access of the content in ESC 100, content is added to ESC or changing the attribute of ESC(For example, strategy,
Security level or Service Ticket), user must provide the user-defined set of credentials for particular security levels and include
Each of Service Ticket.Therefore, only just know that given security level needs which type of Service Ticket inherently to authorize
Voucher.That is, each user may need different number and/or the Service Ticket of type to access their ESC 100
Or the various security levels of their ESC 100.Each of in some implementations, or even authorized certificate set is presented
Sequence used in voucher itself can also form a type of Service Ticket(For example, the password being made of security credence).
In some examples, ESC 100 can be by using the Service Ticket of the user in user-defined Service Ticket set as use
The content included in ESC 100 is encrypted with encryption key that content is encrypted.
For example, the first user can use their fingerprint, password and their vocal print(Not in particular order)Come
Define ESC 100.And second user can use their Social Security Number, password, face recognition data and iris recognition
Data(According to the particular order)To define ESC 100.Therefore, the first user and the respective ESC of second user are based not only on it
Respective voucher(Bio-identification and other)But also the number of the Service Ticket based on the ESC 100 for defining each user
Amount, type and sequence, and be unique for each user.
In some implementations, ESC 100 even can be together with user(For example, as user is ageing)Development.Example
Such as, selected by user with define ESC 100 biometric authentication voucher can with user is ageing or change and periodically
Or it is continuously updated.That is, for example, as user is ageing, the facial appearance of user will change, and therefore corresponding
Service Ticket will as the time changes, and be spread and, and ESC 100 will as the time changes.Therefore, ESC 100 is at certain
It can be considered as the shadow of user itself in meaning.
In addition, ESC 100 includes the set and Security mapping strategy 104 of delegated strategy 102.Delegated strategy 102 and safety
Mapping policy 104 allows requestor(Such as it is another(Nonowners)User, enterprise, government organs)Access ESC from the user
100 content.Delegated strategy 102 allows user to describe the content which requestor is allowed access to ESC 100 from the user.
For example, delegated strategy 102 can include the rule or program for allowing user to access ESC or the data included in ESC
Set.For example, delegated strategy 102 can include the requestor for the content that mark is given access ESC 100 from the user
User-defined accesses control list(ACL).It is allowed access in addition, delegated strategy 102 may include each requestor of mark
The data of which security level 106 of ESC 100.
Although user may be able to access that the content in the ESC 100 for being stored in them, or pass through presentation user oneself
The correct combination of Service Ticket to provide access to requestor, but in some implementations, user can be based on request
Person's oneself(It is one or more)Service Ticket carrys out authorization requests person and accesses and ESC 100.In such realization method, safety
Mapping policy 104 provide for define ESC 100 or ESC 100 particular security levels 106 user-defined certification with
Card gathers the measure compared and relatively assess the Service Ticket of requestor.For example, Security mapping strategy 104 can include for it is fixed
The user-defined Service Ticket set of the particular security levels 106 of adopted ESC 100 or ESC 100 assesses requestor compared to relatively
Service Ticket rule or program set.More specifically, the Service Ticket that Security mapping strategy 104 will be provided by requestor
Objective security intensity be attempt to the particular security levels 106 accessed with the requestor for defining ESC 100 or ESC 100
The objective security intensity of Service Ticket set of user be compared.In some instances, Security mapping strategy 104 includes using
In the algorithm of the security intensity of the combination of assessment Service Ticket and security credence.
The owner of ESC needs not be personal.In some implementations, the owner of ESC can be entity(For example,
The group of people, family, enterprise, tissue, government entity etc.).In such realization method, it can use directly and entity
The combination of associated voucher and/or the Service Ticket of multiple members from entity defines ESC.For example, enterprise is possessed
ESC can be by the fingerprint of fingerprint, CFO including CEO and the Service Ticket set of speech cipher and for the electricity of enterprise
Son accesses card to define.Therefore, in order to which into ESC, perhaps modification is included in the content in ESC in addition, CEO and CFO are both
Them must be provided respective voucher.
Figure 1B depicts another expression of the exemplary electron safety container 150 according to the realization method of the disclosure.ESC 150
Illustrate the modification of the ESC 100 shown by Figure 1A.ESC 150 includes 4 data capsule 106d-1 of two sseparated security levels
And 106d-2.For example, in some implementations, user can be identical to define using different Service Ticket set(Or phase
As)Multiple data capsules on security level.That is, for example, being defined using two different user credential set
Both data capsule 106d-1 and 106d-2, each user credential set have similar security intensity.For example, user may wish
It hopes the similar security level that driving license and both specific credit card informations for storing user are set, but may not wish
Hope identical requestor that can access credit card and provide both information person and driving license.Therefore, user can be set with identical
The voucher set(For example, PIN and thumbprint, according to the particular order)Define both data capsule 106d-1 and 106d-2, because
This they will security intensity all having the same, but can be directed in security level 4 data capsule 106d-1 and 106d-2
It is each to define delegated strategy(For example, the set of rule or program), access is limited in only authorized requestor.Example
Such as, user can indicate:Enterprise A is able to access that the data being stored in data capsule 106d-1(For example, credit card information),
DMV is able to access that the data being stored in data capsule 106d-2(For example, driving license)And another user(For example, matching
It is even)It is able to access that the data being stored in both data capsule 106d-1 and 106d-2.
Fig. 2 depicts the example system 200 for the realization method for being able to carry out the disclosure.System 200 can be used in generating, tie up
Content in shield and access ESC 100.System 200 include strategic server 202, user apparatus 204, requestor's device 206 with
And ESC reader devices 208 in some implementations.Strategic server 202, user apparatus 204, requestor's device 206
It is communicated by one or more networks 210 with each of ESC reader devices 208.
Strategic server 202 can be configured as generating, manage or storing one or more of one or more ESC 100
A computing device(For example, server).Strategic server 202 can have storage program and data(Such as operating system and one
A or multiple application programs)Internal or external storage unit.For example, strategic server 202 can indicate various forms of clothes
Business device system, including but not limited to web server, application server, proxy server, network server or server cluster.
One or more application program can be implemented as given an order:The instruction is stored in storage unit, and is being performed
When make one or more computing devices be generated according to user-defined parameter ESC 100 and to assess user or requestor's Service Ticket
For providing the access to being stored in the content in ESC 100.In addition, strategic server 202 can be Cloud Server, and
ESC 100 and its associated content can be stored.
User apparatus 204 and requestor's device 206 can be computing device, including such as mobile computing device(For example, moving
Mobile phone, smart phone, personal digital assistant, tablet computer), laptop computer, netbook computer and including individual
The desktop computer of the combination of computer, special purpose computer, all-purpose computer and/or special purpose computer and all-purpose computer.Meter
It calculates each of device 204 and 206 usually and can have for storing data and program(Such as operating system and one or more
Application program)Internal or external storage unit.In some instances, requestor's device 206 can be POS computing devices.With
Family device 204 and requestor's device 206 can include the various input units that can receive Service Ticket, such as small key
Disk, keyboard, fingerprint scanner, camera, microphone, touch screen and accelerometer.
ESC reader devices 208 can be the electronic device that can read the ESC 100 on ESC cards.For example,
ESC reader devices 208 can be and another computing device(For example, user apparatus 204 or requestor's device 206)It is communicated
Card reader.
Network 210 can provide strategic server 202, user apparatus 204, requestor's device 206 and ESC reader devices
Direct or indirect communication link between 208.The example of network 210 includes internet, WWW, wide area network(WAN)Including
Wireless LAN(WLAN)LAN(LAN), the wired and wireless telephone network of analog or digital, radio data network(Such as 3G and
4G networks), cable, satellite and/or any other delivery mechanism for delivering data.
ESC 100 can be realized on physics ESC cards(For example, as the microchip in smart chip card), user fill
It sets on 204(For example, as the app on smart phone)Or on strategic server 202(For example, cloud trusteeship service).One
In a little realization methods, ESC and its associated content are not stored at strategic server 202.For example, ESC 100 and its correlation
The content of connection can be stored on physics ESC cards(For example, as the chip on standard identity certificate card)Or in user apparatus 204
On.In such realization method, strategic server 202 can be used in generating ESC 100 and manage the visit to ESC 100
It asks.For example, strategic server 202 can assess user and requestor's authorized certificate.In some instances, strategic server 202
It can safeguard and implement delegated strategy 102 and Security mapping strategy 104.
In some implementations, ESC 100 can be implemented as the application on user apparatus 204.For example, user can be with
In their user apparatus 204(For example, smart phone)It is upper that there is ESC applications.User can use the finger of PIN number and they
Line defines their ESC(An or security level of their ESC).In some instances, PIN number and fingerprint can be with tables
Show the first security level of the ESC 100 of user, because two kinds of Service Ticket is used only in it.For example, user can incite somebody to action
Credit card payment information is stored in this first security level of their ESC 100, is then come using the first security level
The access to the payment information of daily purchase is provided to enterprise.In addition, user can be using one of two methods come to requestor
(Such as enterprise)Access to being stored in the content in its ESC 100 is provided.A kind of method is that user is allowed to provide him to ESC applications
Service Ticket, oneself access desired content(For example, credit card)And provide content to requestor(For example, via
The Radio Link of respective application on to POS system).Second method is to allow user to authorize particular requester directly access to come from
The ability of the content of the ESC 100 of user.For example, requestor is once the Service Ticket certification using requestor oneself, it is desired
Content can be transmitted to the computing system of requestor(Such as POS system).
For example, user can access cafe and be desirable for being stored in the payment information in their ESC 100(Example
Such as, credit card information)To pay their purchase.User can open the ESC 100 of they on their smart phone
Using and user apparatus 204 and requestor's device 206(For example, the POS computer at cafe)Between establish communication.Example
Such as, user apparatus 204 can establish the communication with requestor's device 206 by NFC.If cafe POS computer has phase
The ESC answered is applied and input unit appropriate is to support the Service Ticket of reception user, then user is capable of providing certification appropriate
Voucher(For example, PIN number and fingerprint)Access their ESC 100, and payment information can be by from user apparatus 204
ESC 100 be transmitted to requestor's device 206.For example, one establishes communication, POS computer can prompt salesman to ask user
Their Service Ticket is presented.Then user can input their PIN number on the keypad for being attached to requestor's device 206
Code, and their fingerprint is supplied to the fingerprint reader for being attached to requestor's device 206.The third method is double authentication
Method, wherein needing both Service Ticket of user and requestor to authorize requestor to being stored in the access of the content in ESC.
In another example, user can open the applications of the ESC on the user apparatus 204 of user, and be filled in user
It sets to establish between 204 and requestor's device 206 and communicate.However, in this example, user may authorize cafe and directly visit
Ask their ESC 100(Or the content at least in a security level of their ESC 100)Mandate.For example, generation
There is provided themselves Service Ticket for user to access the payment information from ESC 100, requestor's device 206 can to
Family device 204 sends access request.User apparatus 204 receives access request and verifies user with delegated strategy 102 and awarded
Weigh the ESC 100 that cafe accesses user.In some instances, access request can be sent to strategic server 202 with
In the verification carried out based on delegated strategy 102.In addition, access request may include being directed to requestor(For example, cafe)Recognize
Demonstrate,prove voucher.The Service Ticket of requestor can be sent to strategic server 202 for being authenticated by user apparatus 204.
Other than the authenticity of verification cafe voucher, strategic server 202 can also calculate the certification of cafe with
The security intensity of card.The security intensity of the Service Ticket of cafe and user can be directed to its ESC by strategic server 202
100(Or the security level 106 of the ESC 100 of requester requests access)The security intensity of Service Ticket be compared.At this
In example, strategic server 202 will be the fingerprint and PIN number of the combination of the security intensity and user of the Service Ticket of cafe
Security intensity be compared.If the Service Ticket of cafe does not have the combination for the Service Ticket for being at least equal to user
The security intensity of security intensity, then strategic server 202 will refuse the access to the ESC 100 of user, therefore ensure that requestor
Voucher meet user for accessing ESC 100(Or the particular security levels 106 of ESC 100)Minimum safe rank.Only
Want the security level satisfaction of the Service Ticket of cafe or the security level of the Service Ticket more than user, strategic server 202
Access of the requestor's device 206 to the payment information of the user from ESC 100 will just be authorized.
Fig. 3 depicts the instantiation procedure 300 being able to carry out according to the realization method of the disclosure.In some instances, example
Process 300 can be provided the one or more computer executable programs executed using one or more computing devices.
In some examples, process 300 is performed to provide the access to being stored in the content in ESC.
The request for accessing the content being included in ESC is received from requestor(310).Acquisition is included in requester accesses
The user of data in ESC agrees to(320).For example, the delegated strategy of ESC can indicate that authorization requests person accesses packet to user
The data being contained in ESC.It can be by the identity of requestor and the data included in the delegated strategy of ESC(For example, access control
List)It is compared.If user authorizes its authorization requests person agreement for accessing the content from ESC not yet, plan is such as authorized
Slightly indicated, then the request to requestor's grant authorization can be sent to the user of ESC.
The request is authenticated based on the Service Ticket for requestor(330).For example, the request may include needle
To the Service Ticket of requestor.The Service Ticket of requestor can be by such as certificate server certification.Determine that requestor is allowed to
The authorizing secure rank of access(340).For example, it may be determined that whether the security intensity of the Service Ticket of requestor meets or is more than
Access the security intensity needed for the security level of ESC.The security intensity of the security level of ESC can be based on the safety for defining ESC
The security intensity of the user-defined Service Ticket set of rank determines.Safety in response to the Service Ticket for determining requestor
Intensity meets or more than the security intensity accessed needed for ESC, and the access to the content included in ESC is provided to requestor
(350).
Fig. 4 depicts the instantiation procedure 400 being able to carry out according to the realization method of the disclosure.In some instances, example
Process 400 can be provided the one or more computer executable programs executed using one or more computing devices.
In some examples, process 400 illustrates the more detailed of the process 300 for providing the access to being stored in the content in ESC 100
Thin example.
The request for accessing the content being included in ESC 100 is received from requestor(402).It is determined according to delegated strategy 102
Access the mandate of the requestor of one or more security level 106a-106d of ESC 100(404).Delegated strategy 102 can refer to
Show whether user has authorized the agreement for requester accesses ESC 100(406).In some instances, delegated strategy 102 may be used also
Which security level 106 of ESC that requestor is authorized to indicated.If delegated strategy 102 indicates that user awards not yet
Content of the requester accesses from ESC 100 is weighed, then can send the request to requestor's grant authorization to the user of ESC.One
The received request to authorization requests person, so that it may to require 100 users of ESC to provide the Service Ticket of user(408).Based on use
The Service Ticket at family is authenticated user.After being certified, user can authorize comes from ESC 100 for requester accesses
Content mandate(409).In addition, user, which can indicate that requestor will be authorized to from it, accesses the safety of the ESC 100 of content
One or more of rank 106a-106d(410).
The identity of requestor is authenticated(412).For example, access request may include the Service Ticket of requestor.Please
The Service Ticket for the person of asking can be authenticated by such as certificate server.It is strong for the Service Ticket calculating security level of requestor
Degree(414).For example, security credence intensity algorithm can be included in the Security mapping strategy 104 of ESC 100.It can be based on
Security mapping policing algorithm carrys out the security intensity of the Service Ticket of computation requests person.Security mapping strategy 104 may insure to ask
The Service Ticket of person meets the minimum safe intensity of the various security levels to access ESC 100.For example, can be based on being used for
The security intensity for defining each of the ESC 100 corresponding user-defined Service Ticket set of corresponding security level is visited to determine
Ask the required security intensity of each security level of ESC 100.The security intensity of 100 security levels of each ESC can be deposited
The part as Security mapping strategy 104 is stored up, Security mapping strategy is for example by strong by the safety of the Service Ticket of requestor
The security intensity for spending 100 security levels of ESC for just seeking to access with requestor is compared and is carried out(416).
In response to determining that the security intensity of the Service Ticket of requestor meets or more than the appropriate safety level for accessing ESC 100
Not required security intensity provides the access to the content included in the security level of ESC 100 to requestor
(418).
The realization method of the operation and theme that describe in the present specification can realize with digital electronic circuitry, or
Person is with computer software, firmware or hardware(It is included in the description disclosed structure and its equivalent structures)It realizes, or
Person is realized with one or more combination.The realization method of theme described in this specification, which can use, to be calculated
On machine storage medium coding for executed by data processing equipment or to control one of operation of data processing equipment or
Multiple computer programs(That is, one or more modules of computer program instructions)To realize.Alternatively, or additionally, program
Instruction can be coded on manually generated transmitting signal, for example, electric signal, optical signal or electromagnetic signal that machine generates,
It is generated is used for transmission suitable acceptor device so that data processing equipment executes to carry out coding to information.Computer
Storage medium can be following every or be included in following items:Computer readable storage means computer-readable are deposited
Store up substrate, random or serial access memory array or device or one or more combination.Although in addition, meter
Calculation machine storage medium is not transmitting signal, but computer storage media can be encoded in manually generated transmitting signal
The source or destination of computer program instructions.Computer storage media can also be following every or be included in following items
In:One or more individually physical unit or media(For example, multiple CD, disk or other storage devices).
Operation described in this specification can be implemented as by data processing equipment to being stored in one or more calculating
The operation of data or the data execution received from other sources in machine readable storage devices.
Term " data processing equipment " covers the unit and machine of all kinds for handling data, as showing
Example include programmable processor, computer, system on chip or it is aforementioned in it is multiple or combination.Equipment can include special logic
Circuit system, such as FPGA(Field programmable gate array)Or ASIC(Application-specific integrated circuit).In addition to hardware, the equipment is also
Can include the code of performing environment being created for the computer program considered, such as constitute processor firmware, protocol stack, number
According to base management system, operating system, cross-platform runtime environment, virtual machine or in which one or more combinations generation
Code.Equipment and performing environment can realize a variety of different computation model infrastructure, such as web services, Distributed Calculation and net
Lattice computing basic facility.
Computer program(Also referred to as program, software, software application, script or code)Programming language that can be in any form
Speech is write, including compiling or interpretative code, statement or procedural language, and it can be disposed in any form, including as only
Found program or as module, component, subprogram, object or other units being suitable for use in computing environment.Computer program can
With but not necessarily correspond to the file in file system.Program can be stored in the one of the file for preserving other programs or data
In part(For example, being stored in one or more of marking language document script), in the list for the program for being exclusively used in considering
In a file, or in multiple coordination files(For example, the file of the part of the one or more modules of storage, subprogram or code)
In.Computer program can be deployed in a computer or positioned at a website or across the distribution of multiple websites and by logical
It is executed in the multiple stage computers of communication network interconnection.
Process and logic flow described in this specification can pass through execution of such as getting off:The programmable processing of one or more
Device executes one or more computer programs to execute action by being operated to input data and generating output.Process
It can also be executed by special purpose logic circuitry with logic flow, and equipment can also be implemented as dedicated logic circuit system
System, the special purpose logic circuitry is, for example, FPGA(Field programmable gate array)Or ASIC(Application-specific integrated circuit).
As an example, the processor for being adapted for carrying out computer program includes both general and special microprocessors and appoints
Any one or more processors of the digital computer of which kind of class.In general, processor will be from read-only memory or arbitrary access
Memory or both receives instruction and data.The element of computer may include the processor for being acted according to instruction execution with
And for storing instruction with one or more memory devices of data.In general, computer will also be including for storing data
One or more mass storage devices, or operation coupling is to receive data from one or more mass storage devices or incite somebody to action
For data transfer to one or more mass storage devices or both, one or more mass storage devices are, for example, magnetic
Disk, magneto-optic disk or CD.However, computer need not have such device.Furthermore it is possible to which computer is embedded in another dress
In setting, such as mobile phone, personal digital assistant(PDA), Mobile audio frequency or video player, game console, global location
System(GPS)Receiver or portable memory(For example, universal serial bus(USB)Flash drive), only lift several examples
Son.The device for being suitable for storing computer program instructions and data includes the nonvolatile memory of form of ownership, medium and deposits
Storage device includes as example:Semiconductor memory system, such as EPROM, EEPROM and flash memory device;Disk, example
Such as internal hard drive or moveable magnetic disc;Magneto-optic disk;And CD-ROM and DVD-ROM disks.Processor and memory can be by special
Logic circuitry is supplemented or is incorporated in special purpose logic circuitry.
In order to provide the interaction with user, the realization method of theme described in this specification can be with for that will believe
Breath is shown to the display device of user(For example, CRT(Cathode-ray tube)Or LCD(Liquid crystal display)Monitor)And user is logical
The keyboard and indicator device of input can be provided to computer by crossing it(For example, mouse or trace ball)Computer on realize.Its
The device of his type also can be used in providing the interaction with user;For example, it can be any type of to be supplied to the feedback of user
Sensory feedback, such as visual feedback, audio feedback or touch feedback;And it can be in any form(Including sound, voice or touch
Feel input)Receive input from the user.In addition, computer can by device used by a user send document and from
Described device receives document and is interacted with user;For example, by response to being connect from the web browser on the client terminal device of user
The request that receives and webpage is sent to the web browser.
The realization method of theme described in this specification can realize in computer systems, the computer system packet
Include back-end component(For example, such as data server), or including middleware component(For example, application server), or including
Front end component(For example, being used by the figure that it can be interacted with the realization method of theme described in this specification with user
The client computer of family interface or Web browser)Or back-end component as one or more, middleware component or preceding
Any combinations of end pieces.The component of system can pass through any form or medium of digital data communications(Such as communication network)
To interconnect.The example of communication network includes LAN(“LAN”)And wide area network(“WAN”), internet(For example, internet)With
And peer-to-peer network(For example, self-organizing peer-to-peer network).
Computing system can include client and server.Client and server is generally remote from each other, and typically
It is interacted by communication network.The relationship of client and server is by means of operating on corresponding computer and having each other
There is the computer program of client-server relation and generates.In some implementations, server is by data(For example, HTML
The page)It is sent to client terminal device(For example, being received for the user's display data interacted with client terminal device and from user
Purpose input by user).The data generated at client terminal device can be received from client terminal device at server(Example
Such as, the result of user's interaction).
Although this specification includes many concrete implementation mode details, these are not construed as to the disclosure
Any realization method or the content that can be claimed range limitation, but be construed to specific to sample implementation
Feature description.In the present specification, the certain features described under the background of separated realization method also can be in combination
It is realized with single realization method.On the contrary, the various features described under the background of single realization method also can dividually or with
Any suitable sub-portfolio is realized with multiple realization methods.In addition, although upper region feature may be described as closing with certain groups
It acts on and is even initially claimed like this, but the one or more features from combination claimed are at some
In the case of can be cut off from the combination, and combination claimed can be related to the modification of sub-portfolio or sub-portfolio.
Similarly, although depicting operation in a particular order in the accompanying drawings, this be not construed as need with
Shown particular order or desired to realize to be operated as consecutive order execution or execute the operation of all diagrams
As a result.In some cases, it may be advantageous for multitask and parallel processing.In addition, each in realization method described above
The separating of kind of system unit be not construed as being required in all realization methods it is such separate, and it should be understood that
Described program element and system usually can be integrated in single software product or be encapsulated into multiple software product together
In.
Therefore, it has been described that the specific implementation of theme.Other are realized in the range of following claims.One
In the case of a little, the action enumerated in claim can be executed in different order and still realize desired result.In addition,
The process described in attached drawing is not necessarily required to shown particular order or consecutive order to realize desired result.In certain realities
In existing mode, it may be advantageous for multitask and parallel processing.
Claims (20)
1. a kind of electronic security(ELSEC) container(ESC), including:
Electronic device, including:
User-defined Service Ticket set, including uniquely at least one voucher, the Service Ticket set are fixed for user
The security level of ESC of the justice for providing the access to being stored in the content in the ESC;
Delegated strategy, authentication requesting of the definition at least one requestor;And
Security mapping strategy, by requestor's Service Ticket from least one requestor be converted to security intensity with
It is compared in the security intensity of the security level of the ESC.
2. ESC according to claim 1, wherein the security level is the first security level, and the user defines
Service Ticket set be first group of user-defined Service Ticket set, and the ESC further includes:
The Service Ticket set that second user defines comprising for the unique at least one voucher of user, the second Service Ticket
The second security level of ESC of the set definition for authorizing the access to being stored in the content in the ESC.
3. ESC according to claim 2, wherein the security intensity of second security level is more than first safety
The security intensity of rank.
4. ESC according to claim 1, wherein the electronic device is Cloud Server.
5. ESC according to claim 1, wherein the electronic device is mobile computing device.
6. ESC according to claim 1, wherein the electronic device is the microchip on chip card.
7. ESC according to claim 1, wherein Service Ticket set includes the ordered set of two or more Service Ticket
It closes.
8. ESC according to claim 1, wherein the authentication requesting at least one requestor includes mark institute
State the data of the one or more security levels for the ESC that requestor is allowed access to.
9. ESC according to claim 1, wherein the Security mapping strategy includes minimum safe intensity, the requestor
Service Ticket must satisfy the minimum safe intensity to access the one or more safety that the requestor is authorized to
Each of rank.
10. ESC according to claim 1, wherein the delegated strategy includes that mark is allowed access to come from the ESC
Content requestor accesses control list.
11. a kind of computer implemented method executed by one or more processors, the method includes:
It is received from requestor and is included in electronic security(ELSEC) container to accessing(ESC)In content request;
The user that the data for the requester accesses included in the ESC are obtained by one or more of processors is same
Meaning;
Agree in response to obtaining the user, by Service Ticket of one or more of processors based on the requestor come really
Whether the fixed request is believable;
Determined by one or more of processors the security intensity of the Service Ticket of the requestor whether meet or more than with
The associated security intensity of security level of the ESC, the Service Ticket set that the security level of the ESC is defined by the user are fixed
Justice, the user-defined Service Ticket set include for the unique at least one voucher of user;
The safety of security intensity satisfaction in response to the Service Ticket of the determination requestor or the security level more than the ESC
Intensity provides the access to the content included in the security level of the ESC to the requestor.
12. according to the method for claim 11, wherein obtain and the requester accesses are included in the ESC
The user of data agrees to:The authorized requester accesses of the user are verified based on the delegated strategy of the ESC
Data included in the ESC.
13. according to the method for claim 11, wherein obtain and the requester accesses are included in the ESC
The user of data agrees to:
The mandate for content of the requester accesses from the ESC is asked to the user;And
The user for receiving mandate of the instruction for content of the requester accesses from the ESC inputs.
14. according to the method for claim 13, wherein the user, which inputs, indicates that the requestor can be out of its access
One or more security levels of the ESC held.
15. according to the method described in claim 7, wherein it is determined that whether the security intensity of the Service Ticket of the requestor is full
Include enough or more than security intensity associated with the security level of the ESC:
The security intensity of the Service Ticket of the requestor is determined based on the Security mapping strategy of the ESC;
Determine security intensity associated with the user-defined Service Ticket set of security level of ESC is defined;And
By the security intensity of the security intensity of the Service Ticket of the requestor and the user-defined Service Ticket set into
Row compares.
16. a kind of system, including:
One or more processors;And it is coupled to the data repository of one or more of processors, the data storage
Library has the instruction stored on it, and described instruction makes one or more of when being executed by one or more of processors
Processor execution includes the operation of the following terms:
It is received from requestor and is included in electronic security(ELSEC) container to accessing(ESC)In content request;
Obtain user's agreement that the requester accesses are included in the data in the ESC;
Agree in response to obtaining the user, determines whether the request is credible based on the Service Ticket of the requestor
's;
Determine whether the security intensity of the Service Ticket of the requestor meets or associated more than with the security level of the ESC
Security intensity, the Service Ticket set definition that the security level of the ESC is defined by the user, the user-defined certification with
Card set includes for the unique at least one voucher of user;
The safety of security intensity satisfaction in response to the Service Ticket of the determination requestor or the security level more than the ESC
Intensity provides the access to the content included in the security level of the ESC to the requestor.
17. system according to claim 16, wherein obtain and the requester accesses are included in the ESC
The user of data agrees to:The authorized requester accesses of the user are verified based on the delegated strategy of the ESC
Data included in the ESC.
18. system according to claim 16, wherein obtain and the requester accesses are included in the ESC
The user of data agrees to:
The mandate for content of the requester accesses from the ESC is asked to the user;And
The user for receiving mandate of the instruction for content of the requester accesses from the ESC inputs.
19. system according to claim 18, wherein the user, which inputs, indicates that the requestor can be out of its access
One or more security levels of the ESC held.
20. system according to claim 16, wherein determine whether the security intensity of the Service Ticket of the requestor is full
Include enough or more than security intensity associated with the security level of the ESC:
The security intensity of the Service Ticket of the requestor is determined based on the Security mapping strategy of the ESC;
Determine security intensity associated with the user-defined Service Ticket set of security level of ESC is defined;And
By the security intensity of the security intensity of the Service Ticket of the requestor and the user-defined Service Ticket set into
Row compares.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201562186726P | 2015-06-30 | 2015-06-30 | |
US62/186726 | 2015-06-30 | ||
PCT/US2016/040298 WO2017004326A1 (en) | 2015-06-30 | 2016-06-30 | Electronic security container |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108351924A true CN108351924A (en) | 2018-07-31 |
Family
ID=57609133
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201680050188.8A Pending CN108351924A (en) | 2015-06-30 | 2016-06-30 | Electronic security(ELSEC) container |
Country Status (6)
Country | Link |
---|---|
US (1) | US20170006066A1 (en) |
EP (1) | EP3317801A4 (en) |
JP (1) | JP2018524727A (en) |
CN (1) | CN108351924A (en) |
CA (1) | CA2991154A1 (en) |
WO (1) | WO2017004326A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114422246A (en) * | 2022-01-20 | 2022-04-29 | 国家药品监督管理局信息中心(中国食品药品监管数据中心) | Data reading method and system and electronic equipment |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11068567B2 (en) | 2017-06-04 | 2021-07-20 | Harsha Ramalingam | Self-owned authentication and identity framework |
US11165786B2 (en) * | 2018-12-18 | 2021-11-02 | International Business Machines Corporation | Remote assistance controller that provides control over what a remote assistor can access |
US11153315B2 (en) * | 2019-05-30 | 2021-10-19 | Bank Of America Corporation | Controlling access to secure information resources using rotational datasets and dynamically configurable data containers |
US11165777B2 (en) | 2019-05-30 | 2021-11-02 | Bank Of America Corporation | Controlling access to secure information resources using rotational datasets and dynamically configurable data containers |
US11138328B2 (en) | 2019-05-30 | 2021-10-05 | Bank Of America Corporation | Controlling access to secure information resources using rotational datasets and dynamically configurable data containers |
US11281794B2 (en) * | 2019-09-26 | 2022-03-22 | Microsoft Technology Licensing, Llc | Fine grained access control on procedural language for databases based on accessed resources |
JP7441157B2 (en) | 2020-11-06 | 2024-02-29 | 株式会社東芝 | Data management methods, computer programs and data management systems |
US20220198861A1 (en) * | 2020-12-18 | 2022-06-23 | Sensormatic Electronics, LLC | Access control system screen capture facial detection and recognition |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070186106A1 (en) * | 2006-01-26 | 2007-08-09 | Ting David M | Systems and methods for multi-factor authentication |
US20130174241A1 (en) * | 2011-06-28 | 2013-07-04 | Interdigital Patent Holdings, Inc. | Automated negotiation and selection of authentication protocols |
US20140366128A1 (en) * | 2013-05-30 | 2014-12-11 | Vinky P. Venkateswaran | Adaptive authentication systems and methods |
US20150058931A1 (en) * | 2013-08-23 | 2015-02-26 | Morphotrust Usa, Llc | System and Method for Identity Management |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6263446B1 (en) * | 1997-12-23 | 2001-07-17 | Arcot Systems, Inc. | Method and apparatus for secure distribution of authentication credentials to roaming users |
JP2003263623A (en) * | 2002-03-11 | 2003-09-19 | Seiko Epson Corp | Recording medium and reader/writer for recording medium and method for using recording medium |
JP2004192353A (en) * | 2002-12-11 | 2004-07-08 | Nippon Telegr & Teleph Corp <Ntt> | Personal information disclosure control system and its method |
US7603548B2 (en) * | 2003-10-10 | 2009-10-13 | Bea Systems, Inc. | Security provider development model |
US7966489B2 (en) * | 2006-08-01 | 2011-06-21 | Cisco Technology, Inc. | Method and apparatus for selecting an appropriate authentication method on a client |
JPWO2009101755A1 (en) * | 2008-02-13 | 2011-06-09 | 日本電気株式会社 | Personal information distribution control system and personal information distribution control method |
US9026918B2 (en) * | 2008-10-16 | 2015-05-05 | Accenture Global Services Limited | Enabling a user device to access enterprise data |
US10165007B2 (en) * | 2011-09-15 | 2018-12-25 | Microsoft Technology Licensing, Llc | Securing data usage in computing devices |
US8869235B2 (en) * | 2011-10-11 | 2014-10-21 | Citrix Systems, Inc. | Secure mobile browser for protecting enterprise data |
US8745718B1 (en) * | 2012-08-20 | 2014-06-03 | Jericho Systems Corporation | Delivery of authentication information to a RESTful service using token validation scheme |
JP2014134986A (en) * | 2013-01-11 | 2014-07-24 | Hitachi Ltd | Biological authentication method |
US9424421B2 (en) * | 2013-05-03 | 2016-08-23 | Visa International Service Association | Security engine for a secure operating environment |
-
2016
- 2016-06-30 EP EP16818758.1A patent/EP3317801A4/en not_active Withdrawn
- 2016-06-30 US US15/197,933 patent/US20170006066A1/en not_active Abandoned
- 2016-06-30 CA CA2991154A patent/CA2991154A1/en not_active Abandoned
- 2016-06-30 WO PCT/US2016/040298 patent/WO2017004326A1/en active Application Filing
- 2016-06-30 JP JP2017568069A patent/JP2018524727A/en active Pending
- 2016-06-30 CN CN201680050188.8A patent/CN108351924A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070186106A1 (en) * | 2006-01-26 | 2007-08-09 | Ting David M | Systems and methods for multi-factor authentication |
US20130174241A1 (en) * | 2011-06-28 | 2013-07-04 | Interdigital Patent Holdings, Inc. | Automated negotiation and selection of authentication protocols |
US20140366128A1 (en) * | 2013-05-30 | 2014-12-11 | Vinky P. Venkateswaran | Adaptive authentication systems and methods |
US20150058931A1 (en) * | 2013-08-23 | 2015-02-26 | Morphotrust Usa, Llc | System and Method for Identity Management |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114422246A (en) * | 2022-01-20 | 2022-04-29 | 国家药品监督管理局信息中心(中国食品药品监管数据中心) | Data reading method and system and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
WO2017004326A1 (en) | 2017-01-05 |
EP3317801A4 (en) | 2018-07-18 |
CA2991154A1 (en) | 2017-01-05 |
JP2018524727A (en) | 2018-08-30 |
US20170006066A1 (en) | 2017-01-05 |
EP3317801A1 (en) | 2018-05-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108351924A (en) | Electronic security(ELSEC) container | |
US11176553B2 (en) | Method and system providing peer effort-based validation | |
US11588804B2 (en) | Providing verified claims of user identity | |
CN108351927A (en) | For access management without cipher authentication | |
BR112018007449B1 (en) | COMPUTING DEVICE, COMPUTER IMPLEMENTED METHOD AND COMPUTER READABLE MEMORY DEVICE | |
JP2018537022A (en) | System and method for managing digital identities | |
US20140089189A1 (en) | System, method, and apparatus to evaluate transaction security risk | |
US11599665B2 (en) | Controlling access to a secure computing resource | |
CN105229596A (en) | High level of authentication technology and application | |
EP3681126B1 (en) | Systems and methods for securely verifying a subset of personally identifiable information | |
US11956364B2 (en) | Information processing device and information processing method | |
CN110383240A (en) | The method and apparatus of safe computing resource for containerization | |
US9239936B2 (en) | System, method, and apparatus to mitigaterisk of compromised privacy | |
US11423403B2 (en) | Systems, methods, and computer program products for authorizing a transaction | |
CN110352411A (en) | Method and apparatus for controlling the access to safe computing resource | |
US20240144275A1 (en) | Real-time fraud detection using machine learning | |
EP3132366B1 (en) | Controlling actions performed on de-identified patient data of a cloud based clinical decision support system (cdss) | |
US12105841B2 (en) | Controlling access to a secure computing resource | |
US11860992B1 (en) | Authentication and authorization for access to soft and hard assets | |
KR102601098B1 (en) | Method and device for providing voucher approval information | |
Pannifer | Alternative authentication–what does it really provide? |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20180731 |
|
WD01 | Invention patent application deemed withdrawn after publication |